Social-networking sites have grown tremendously in popularity in recent years. Services such as FACEBOOK™ and MYSPACE™ allow millions of users to create online profiles and to share details of their personal lives with networks of friends, and often, strangers. As the number of users of these sites and the number of sites themselves explode, securing individuals' privacy to avoid threats such as identity theft and digital stalking becomes an increasingly important issue. Although all major online social networks provide at least some privacy enhancing functionalities, the majority of users typically accept the default settings (which usually means that they let their information open to the public), and do not revisit their options until damage is done. This is either due to the poor user-interface design or the common belief that sharing personal information online is more cool than harmful.
Past research on privacy and social networks mainly focuses on corporate-scale privacy concerns, i.e., how to share a social network owned by one organization without revealing the identity or sensitive relationships among the registered users. Not much attention has been given to individual users' privacy risk posed by their information-sharing activities. Indeed, many privacy schemes are based on a one-dimensional analysis of the relative sensitivity of the data. That is, for example, a birth date may be deemed sensitive or not sensitive based on a subjective evaluation of the privacy value of that data. Sensitivity may, in this example be calculated based on survey or some other tool. However, evaluating only sensitivity may not accurately account for a privacy value across a number of social groups. For the birth date example, birth date may be perceived as less private in a social dating group, where birth date may be a factor in selecting a potential matching personality. On the other hand, birth date may be perceived as very private or merely not relevant in a hobby group where birth date may have no rational connection with the activities of the group. Thus, additional dimensions for calculating privacy scores may be desirable.